March 21 (Bloomberg) -- The biggest cyberattack on South
Korean computers in two years used malware code from China,
according to an initial investigation that is focusing on
possible links to North Korea.

Around 32,000 servers were damaged in yesterday’s attack on
broadcasters and banks, the Korea Communications Commission said
today in a statement. President Park Geun Hye set up a team to
investigate whether North Korea is responsible, after computer
shutdowns hit companies including Shinhan Bank, Nonghyup Bank,
Munhwa Broadcasting Corp., YTN and Korea Broadcasting System.

The attack occurred less than a month after Park became
president of Asia’s fourth-largest economy, and amid an increase
in friction over North Korea’s nuclear weapons program. Kim Jong
Un’s regime, which detonated an atomic device in February, has
threatened to attack the U.S. with nuclear weapons and today
said American bases in Guam and Japan are within striking range.

“Discovering that the code was from China makes it more
likely that the attack was from North Korea, because a lot of
North Korean hackers operate there,” said Ryou Jae Cheol, a
professor of computer engineering and securities at Chungnam
National University. “Who else would be making this kind of
attack at this scale and timing other than North Korea?”

Asked about the finding at a briefing today, Foreign
Ministry spokesman Hong Lei said hacking attacks are an
“anonymous and transnational problem,” and China wants to work
with other nations to bring about a “secure and cooperative
cyberspace.”

Common Practice

“By using other countries’ IP addresses, hackers attack
some countries’ networks,” Hong said. “This is a common
practice used by hackers.”

South Korea’s Kospi Index fell 0.4 percent, following a 1
percent decline yesterday. The won was little changed at
1,115.97 per dollar. The yield on South Korea’s 2.75 percent
bonds due December 2015 fell one basis point to 2.59 percent,
according to prices from Korea Exchange Inc.

Lieutenant Colonel Damien Pickart, a Pentagon spokesman,
declined in an e-mailed statement today to discuss American
cybersecurity capabilities, while saying the U.S. “is firmly
committed to the defense of Korea in any domain -- to include
cyberspace.”

General James Thurman, the commander of U.S. forces in
South Korea, last year told Congress that North Korea has
“growing cyber warfare capability.”

Sophisticated Hackers

Malware code was distributed through targeted
organizations’ servers, destroying their computers’ ability to
boot, the Korea Communications Commission said yesterday.

“This is the biggest and most serious cyberattack in two
years,” said Shin Hong Sun, an official at the KCC in Seoul.
“There haven’t been simultaneous attacks on more than one
target since 2011.”

South Korea in 2011 blamed North Korea for attacks on about
40 websites and on Nonghyup that kept almost 20 million clients
from using automated teller machines and online banking
services.

The country’s worst cyberattack occurred in 2003, when a
computer virus shut down servers at the country’s largest
Internet service provider, KT Corp., disconnecting 5 million
customers from the web, according to Chon Kwan Ho, another KCC
official. The police did not find North Korean links in that
attack, Chon said.

Spillover Effect

“The latest attack had a big spillover effect as it
paralyzed the country’s largest broadcasters and big financial
entities, not just home PCs,” said Dong Hoon Lee, a professor
in the cyber defense department at Korea University. “There’s
no direct online connection between the North and the South, so
if it’s confirmed that the North is to blame, it’s highly likely
that the attack reached the South through servers in China.”

MBC spokesman Cha Sun Young and YTN spokesman Han Jeong Ho
said their networks haven’t yet returned to normal. A recorded
message at KBS said it isn’t accepting calls during its
investigation. Of the four biggest media companies, only Seoul
Broadcasting System reported being unaffected.

South Korea has been monitoring for possible hacking since
North Korea’s nuclear test, the KCC said March 12.

Highly Probable

“It’s highly probable that North Korea used Chinese IPs
for the attacks,” said Lim Jong In, dean of Korea University’s
Graduate School of Information Security. “These are sentimental
attacks, aimed at spreading confusion to the whole society by
paralyzing media and financial institutions. But it will take
some time to exactly track who’s behind this as China is
unlikely to actively cooperate.”

Military tensions in the region remained at their highest
since at least 2010. North Korea’s Kim led two precision-attack
drills using drones and rockets, the official Korean Central
News Agency said yesterday. The exercise rehearsed an attack
against South Korea, according to the statement.

The U.S. is increasing its defense capability in the region
after Kim’s regime this month threatened to use atomic weapons
in response to tougher United Nations sanctions.

The U.S. Pacific Air Forces Command successfully carried
out its latest B-52 training flight, according to a statement on
its website. A B-52 can carry nuclear warheads and air-to-ground
missiles with a range of 3,000 kilometers (1,864 miles).

Reiterated Threats

North Korea today reiterated its threats, saying the U.S.
“will meet catastrophic end by the strong military
counteraction of the DPRK,” if the bombers are flown again over
the peninsula. DPRK is the acronym for North Korea’s
official name, the Democratic People’s Republic of Korea.

U.S. Defense Secretary Chuck Hagel said March 15 he will
shift $1 billion from a European missile shield to install 14
additional missile interceptors in Alaska against threats by
Iran and North Korea.

In a phone call yesterday with Chinese President Xi
Jinping, Park reiterated her resolve to “firmly respond” to
any attacks, while promising to give aid to North Korea if it
gives up nuclear weapons and “chooses the right path,”
according to a statement on her website.